Closed Bug 1012646 Opened 10 years ago Closed 10 years ago

Crash in strlen through [@ js::SavedStacks::insertFrames] with enableTrackAllocations

Categories

(Core :: JavaScript Engine, defect)

x86_64
Linux
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla32
Tracking Status
firefox32 --- affected

People

(Reporter: decoder, Assigned: fitzgen)

Details

(Keywords: crash, testcase, Whiteboard: [jsbugmon:update,bisect])

Crash Data

Attachments

(2 files)

The following testcase crashes on mozilla-central revision 41a54c8add09 (run with --fuzzing-safe):


enableTrackAllocations();
evaluate("throw Error();", {fileName: null});

Nick, is this fallout from your patch? :)
Flags: needinfo?(nfitzgerald)
Whiteboard: [jsbugmon:update,bisect]

How many crashers did I create?? :(

Will investigate.
Assignee: nobody → nfitzgerald
Flags: needinfo?(nfitzgerald)

Comment on attachment 8425858 [details] [diff] [review]
strlen-crasher.patch

Review of attachment 8425858 [details] [diff] [review]:
-----------------------------------------------------------------

LGTM
Attachment #8425858 - Flags: review?(ejpbruel) → review+

https://hg.mozilla.org/mozilla-central/rev/b34ba09e0391
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32